UBUNTU-CVE-2023-4641

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-4641

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-4641.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-4641

Upstream

CVE-2023-4641

Downstream

USN-6640-1

Related

USN-6640-1

Published

2023-12-27T16:15:00Z

Modified

2025-07-18T16:54:09Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Ubuntu - low

Summary

[none]

Details

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

References

Affected packages

Ubuntu:Pro:14.04:LTS / shadow

Package

Name: shadow
Purl: pkg:deb/ubuntu/shadow@1:4.1.5.1-1ubuntu9.5+esm4?arch=source&distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1.5.1-1ubuntu9.5+esm4

Affected versions

1:4.*

1:4.1.5.1-1ubuntu6

1:4.1.5.1-1ubuntu7

1:4.1.5.1-1ubuntu8

1:4.1.5.1-1ubuntu9

1:4.1.5.1-1ubuntu9.1

1:4.1.5.1-1ubuntu9.2

1:4.1.5.1-1ubuntu9.4

1:4.1.5.1-1ubuntu9.5

1:4.1.5.1-1ubuntu9.5+esm1

1:4.1.5.1-1ubuntu9.5+esm2

1:4.1.5.1-1ubuntu9.5+esm3

Ecosystem specific

{
    "priority_reason": "Unlikely attack scenario",
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "login",
            "binary_version": "1:4.1.5.1-1ubuntu9.5+esm4"
        },
        {
            "binary_name": "login-dbgsym",
            "binary_version": "1:4.1.5.1-1ubuntu9.5+esm4"
        },
        {
            "binary_name": "passwd",
            "binary_version": "1:4.1.5.1-1ubuntu9.5+esm4"
        },
        {
            "binary_name": "passwd-dbgsym",
            "binary_version": "1:4.1.5.1-1ubuntu9.5+esm4"
        },
        {
            "binary_name": "uidmap",
            "binary_version": "1:4.1.5.1-1ubuntu9.5+esm4"
        },
        {
            "binary_name": "uidmap-dbgsym",
            "binary_version": "1:4.1.5.1-1ubuntu9.5+esm4"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / shadow

Package

Name: shadow
Purl: pkg:deb/ubuntu/shadow@1:4.2-3.1ubuntu5.5+esm4?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.2-3.1ubuntu5.5+esm4

Affected versions

1:4.*

1:4.1.5.1-1.1ubuntu7

1:4.2-3.1ubuntu1

1:4.2-3.1ubuntu2

1:4.2-3.1ubuntu3

1:4.2-3.1ubuntu4

1:4.2-3.1ubuntu5

1:4.2-3.1ubuntu5.2

1:4.2-3.1ubuntu5.3

1:4.2-3.1ubuntu5.4

1:4.2-3.1ubuntu5.5+esm1

1:4.2-3.1ubuntu5.5+esm2

1:4.2-3.1ubuntu5.5+esm3

Ecosystem specific

{
    "priority_reason": "Unlikely attack scenario",
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "login",
            "binary_version": "1:4.2-3.1ubuntu5.5+esm4"
        },
        {
            "binary_name": "login-dbgsym",
            "binary_version": "1:4.2-3.1ubuntu5.5+esm4"
        },
        {
            "binary_name": "passwd",
            "binary_version": "1:4.2-3.1ubuntu5.5+esm4"
        },
        {
            "binary_name": "passwd-dbgsym",
            "binary_version": "1:4.2-3.1ubuntu5.5+esm4"
        },
        {
            "binary_name": "uidmap",
            "binary_version": "1:4.2-3.1ubuntu5.5+esm4"
        },
        {
            "binary_name": "uidmap-dbgsym",
            "binary_version": "1:4.2-3.1ubuntu5.5+esm4"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / shadow

Package

Name: shadow
Purl: pkg:deb/ubuntu/shadow@1:4.5-1ubuntu2.5+esm1?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.5-1ubuntu2.5+esm1

Affected versions

1:4.*

1:4.2-3.2ubuntu4

1:4.5-1ubuntu1

1:4.5-1ubuntu2

1:4.5-1ubuntu2.2

1:4.5-1ubuntu2.3

1:4.5-1ubuntu2.4

1:4.5-1ubuntu2.5

Ecosystem specific

{
    "priority_reason": "Unlikely attack scenario",
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "login",
            "binary_version": "1:4.5-1ubuntu2.5+esm1"
        },
        {
            "binary_name": "login-dbgsym",
            "binary_version": "1:4.5-1ubuntu2.5+esm1"
        },
        {
            "binary_name": "passwd",
            "binary_version": "1:4.5-1ubuntu2.5+esm1"
        },
        {
            "binary_name": "passwd-dbgsym",
            "binary_version": "1:4.5-1ubuntu2.5+esm1"
        },
        {
            "binary_name": "uidmap",
            "binary_version": "1:4.5-1ubuntu2.5+esm1"
        },
        {
            "binary_name": "uidmap-dbgsym",
            "binary_version": "1:4.5-1ubuntu2.5+esm1"
        }
    ]
}

Ubuntu:20.04:LTS / shadow

Package

Name: shadow
Purl: pkg:deb/ubuntu/shadow@1:4.8.1-1ubuntu5.20.04.5?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.8.1-1ubuntu5.20.04.5

Affected versions

1:4.*

1:4.5-1.1ubuntu4

1:4.8-1ubuntu1

1:4.8.1-1ubuntu1

1:4.8.1-1ubuntu2

1:4.8.1-1ubuntu3

1:4.8.1-1ubuntu4

1:4.8.1-1ubuntu5

1:4.8.1-1ubuntu5.20.04

1:4.8.1-1ubuntu5.20.04.1

1:4.8.1-1ubuntu5.20.04.2

1:4.8.1-1ubuntu5.20.04.3

1:4.8.1-1ubuntu5.20.04.4

Ecosystem specific

{
    "priority_reason": "Unlikely attack scenario",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "login",
            "binary_version": "1:4.8.1-1ubuntu5.20.04.5"
        },
        {
            "binary_name": "login-dbgsym",
            "binary_version": "1:4.8.1-1ubuntu5.20.04.5"
        },
        {
            "binary_name": "passwd",
            "binary_version": "1:4.8.1-1ubuntu5.20.04.5"
        },
        {
            "binary_name": "passwd-dbgsym",
            "binary_version": "1:4.8.1-1ubuntu5.20.04.5"
        },
        {
            "binary_name": "uidmap",
            "binary_version": "1:4.8.1-1ubuntu5.20.04.5"
        },
        {
            "binary_name": "uidmap-dbgsym",
            "binary_version": "1:4.8.1-1ubuntu5.20.04.5"
        }
    ]
}

Ubuntu:22.04:LTS / shadow

Package

Name: shadow
Purl: pkg:deb/ubuntu/shadow@1:4.8.1-2ubuntu2.2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.8.1-2ubuntu2.2

Affected versions

1:4.*

1:4.8.1-1ubuntu9

1:4.8.1-1ubuntu10

1:4.8.1-2ubuntu1

1:4.8.1-2ubuntu2

1:4.8.1-2ubuntu2.1

Ecosystem specific

{
    "priority_reason": "Unlikely attack scenario",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "login",
            "binary_version": "1:4.8.1-2ubuntu2.2"
        },
        {
            "binary_name": "login-dbgsym",
            "binary_version": "1:4.8.1-2ubuntu2.2"
        },
        {
            "binary_name": "passwd",
            "binary_version": "1:4.8.1-2ubuntu2.2"
        },
        {
            "binary_name": "passwd-dbgsym",
            "binary_version": "1:4.8.1-2ubuntu2.2"
        },
        {
            "binary_name": "uidmap",
            "binary_version": "1:4.8.1-2ubuntu2.2"
        },
        {
            "binary_name": "uidmap-dbgsym",
            "binary_version": "1:4.8.1-2ubuntu2.2"
        }
    ]
}